Linux Kernel ICSSG PRUETH Zero-Copy Reception Vulnerability Allows Memory Leak to User Space

A vulnerability in the Linux kernel's ICSSG PRUETH Ethernet driver has been addressed. The issue arose in the zero-copy reception dispatch, where the driver allocated a new socket buffer (skb) but failed to copy the packet data from the XDP buffer. As a result, the skb contained uninitialized heap memory, leading to a leak of kernel heap contents to user space. The vulnerability has been fixed by copying the received packet data into the skb and removing an incorrect recycling call that could corrupt the state of the page pool. This issue did not affect the non-zero-copy reception path, which handled the data correctly.

Impact

The vulnerability could be exploited to leak uninitialized kernel heap memory to user space, potentially allowing for information disclosure.